{"id":18918260,"url":"https://github.com/signtools/signtools-builder","last_synced_at":"2025-04-15T01:30:51.659Z","repository":{"id":38451774,"uuid":"348185361","full_name":"SignTools/SignTools-Builder","owner":"SignTools","description":"Sign iOS apps on demand using your own Mac. Part of: https://github.com/SignTools/SignTools","archived":false,"fork":false,"pushed_at":"2025-03-19T04:21:04.000Z","size":165,"stargazers_count":40,"open_issues_count":4,"forks_count":10,"subscribers_count":5,"default_branch":"master","last_synced_at":"2025-03-28T13:21:32.102Z","etag":null,"topics":["app","ios","ipad","iphone","macos","sideload","sign"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/SignTools.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-03-16T02:13:58.000Z","updated_at":"2025-03-16T13:01:08.000Z","dependencies_parsed_at":"2024-04-25T05:30:13.552Z","dependency_job_id":"c7279dfa-230b-4075-89b3-f303d8e8ba48","html_url":"https://github.com/SignTools/SignTools-Builder","commit_stats":null,"previous_names":[],"tags_count":31,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SignTools%2FSignTools-Builder","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SignTools%2FSignTools-Builder/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SignTools%2FSignTools-Builder/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SignTools%2FSignTools-Builder/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/SignTools","download_url":"https://codeload.github.com/SignTools/SignTools-Builder/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248988988,"owners_count":21194509,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["app","ios","ipad","iphone","macos","sideload","sign"],"created_at":"2024-11-08T10:30:46.457Z","updated_at":"2025-04-15T01:30:51.637Z","avatar_url":"https://github.com/SignTools.png","language":"Go","readme":"# SignTools Builder\n\nThis project is a free and simple builder server for [SignTools](https://github.com/SignTools/SignTools). It is the self-hosted alternative of [SignTools-CI](https://github.com/SignTools/SignTools-CI) - instead of using a Continuous Integration (CI) provider, you turn one of your own Macs into a builder used to pull, sign, and upload any iOS apps to your `SignTools` service.\n\nYou only need to configure one builder. If you already configured a CI provider as your builder, you don't need to do anything here. This project is aimed at people who want to have a self-hosted builder.\n\n## Important\n\n### Security\n\nThis server requires the use of an authentication key so that only the web service can control your builder. However, there is no built-in support for HTTPS or any other form of encryption. Therefore:\n\n\u003e :warning: **Anybody with access to the builder's network can potentially manipulate the builder to execute any code that they want on your machine.**\n\nTo prevent this, only deploy this server in a trusted environment, or even better, wrap the server in HTTPS yourself using a reverse proxy like nginx.\n\n### Side effects on your Mac\n\nWhile this server is not expected to interfere with the normal operation of your system, it does perform a substantial amount of work to get your apps signed, including making changes to the keychain.\n\n\u003e :warning: **It is highly recommended that you dedicate this Mac exclusively as a builder. Using it for other purposes, especially at the same time as a sign job is running, could lead to undefined issues.**\n\n## Setup\n\nAll the steps should be performed on your builder Mac.\n\n1. Install the following dependencies:\n   - [fastlane](https://github.com/fastlane/fastlane)\n   - curl\n   - node\n   - python3\n2. Download the correct [binary release](https://github.com/SignTools/SignTools-Builder/releases)\n3. Make the binary executable by running: `chmod +x SignTools-Builder`. Replace the name with the file that you just downloaded\n4. Download the archive of `SignTools-CI` and extract it in the same folder as the binary from the previous step. These will be your **signing files**. The whole step can be accomplished with the following commands:\n   ```bash\n   curl -sL https://github.com/SignTools/SignTools-CI/archive/master.zip -o master.zip\n   unzip master.zip\n   rm master.zip\n   ```\n\n\u003e :warning: **Remember to update the signing files from above every time that you update the signing service. Otherwise you may experience random issues.**\n\n## Running\n\nYou need to make up an authentication key. It has to be at least 8 characters long. Note it down - you will need to put it in your `SignTools` service's configuration file later on.\n\nTo start the server, use the auth key and signing files from before and pass them as arguments:\n\n```bash\n./SignTools-Builder -key \"SOME_SECRET_KEY\" -files \"SignTools-CI-master\"\n```\n\nThe first time you run the server, you will have to [allow](https://www.macworld.co.uk/how-to/mac-app-unidentified-developer-3669596/) the unrecognized binary to run on your machine. After that it will run with no interruptions.\n\nFor reference, these all of the arguments that will be used:\n\n```bash\n  -files string\n    \tPath to directory whose files will be included in each sign job. Should at least contain a signer script 'sign.py'\n  -host string\n    \tListen host, empty for all\n  -key string\n    \tAuth key the web service must use to talk to this server\n  -port uint\n    \tListen port (default 8090)\n  -timeout uint\n    \tJob timeout in minutes (default 15)\n```\n\nYou can always print them by running with `-help`.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsigntools%2Fsigntools-builder","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsigntools%2Fsigntools-builder","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsigntools%2Fsigntools-builder/lists"}